Wireless Access

Reply
Occasional Contributor II

captive portal Access Denied sometimes

Hello,
I am testing a new captive portal with a user derivation rule to allow certain devices to auth based on the mac address.

 

For the clients using the captive portal, most of the times everything functions as it should.  (they enter credentials, i see activity logged on the radius server, they log in, they browse)

 

Sometimes however, after entering credentials, the page the user is redirected to is blank and i see ACCESS%DENIED in the URL.  Firefox reports that the client was redirected in a way that will not complete.

Worse still, on the radius server, when this happens, i see NO activity logged, even when debugging against my mac address or username.

 

Does anyone have an idea of what is going wrong?

 

config is:


aaa authentication captive-portal "portal-tst"

default-role "authenticated"
server-group "AAA-Radius"
no logout-popup-window
login-page "/upload/custom/portal/index.html"
no enable-welcome-page
white-list "OTHEROCSPCRL"
white-list "globalsignOCSPcrl"
!

user-role pre-portal-tst
captive-portal "portal-tst"
access-list session v6PermitOCSPcrl
access-list session permitOCSPcrl
access-list session netbios-acl
access-list session istns-http
access-list session v6-logon-control
access-list session logon-control
access-list session netid-http
access-list session captiveportal
access-list session captiveportal6
!


wlan ssid-profile "portal-tst"
essid "portal-tst"
g-basic-rates 6 12 24
g-tx-rates 6 9 12 18 24 36 48 54
max-clients 38
wmm
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
local-probe-req-thresh 20
mcast-rate-opt
qbss-load-enable
!

aaa profile "aaa-portal-tst"
initial-role "pre-portal-tst"

user-derivation-rules "test-mac-role"
enforce-dhcp
!

wlan virtual-ap "portal-tst-VAP"
aaa-profile "aaa-portal-tst"
ssid-profile "portal-tst"
vlan 1026
band-steering
broadcast-filter all
auth-failure-blacklist-time 600
blacklist-time 0
deny-inter-user-traffic
!

 

 

Thanks,

Matt

Guru Elite

Re: captive portal Access Denied sometimes

The complete answer is in your custom HTML.  Have TAC take a look at it.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: captive portal Access Denied sometimes

Thanks, I will do that if it continues.
It may have been a bad ipv6 configuration on one of the controllers for that vlan.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: